Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Concourse pages #224

Merged
merged 2 commits into from
Apr 30, 2024
Merged

Concourse pages #224

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
56c6071
1st pass at concourse pages
ChrisMcGowan Apr 29, 2024
45bd155
last pass for concourse-pages
ChrisMcGowan Apr 30, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
99 changes: 99 additions & 0 deletions ci/pipeline.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -207,6 +207,66 @@ jobs:
username: ((slack-username))
icon_url: ((slack-icon-url))

- name: deploy-concourse-pages-production
serial: true
interruptible: true
plan:
- in_parallel:
- get: concourse-deployment
passed: [deploy-concourse-staging]
- get: concourse-config
passed: [deploy-concourse-staging]
- get: terraform-yaml
- get: concourse-stemcell-jammy
passed: [deploy-concourse-staging]
- put: concourse-production-pages-deployment
params:
<<: *deploy-params
ops_files:
- concourse-deployment/cluster/operations/basic-auth.yml
- concourse-deployment/cluster/operations/build-log-retention.yml
- concourse-deployment/cluster/operations/scale.yml
- concourse-deployment/cluster/operations/enable-global-resources.yml
- concourse-config/operations/credhub.yml
- concourse-config/operations/iaas-worker.yml
- concourse-config/operations/postgres-production-pages.yml
- concourse-config/operations/external-postgres-tls.yml
- concourse-config/operations/driver.yml
- concourse-config/operations/config-pages.yml
- concourse-config/operations/generic-oauth.yml
- concourse-config/operations/compliance.yml
- concourse-config/operations/prometheus.yml
- concourse-config/operations/set-garbage-collection.yml
- concourse-config/operations/base-resource-defaults.yml
- concourse-config/operations/max-containers.yml
- concourse-config/operations/bosh-dns-aliases.yml
- concourse-config/operations/enable-across-step.yml
- concourse-config/operations/container-placement.yml
- concourse-config/operations/iptables.yml
- concourse-config/operations/redact-secrets.yml
vars_files:
- concourse-deployment/versions.yml
- concourse-config/variables/production-pages.yml
- concourse-config/variables/postgres-tls.yml
- terraform-yaml/state.yml
on_failure:
put: slack
params:
text: |
:x: FAILED to deploy Concourse Pages on production
<$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|View build details>
channel: '#cg-platform'
username: ((slack-username))
icon_url: ((slack-icon-url))
on_success:
put: slack
params:
text: |
:white_check_mark: Successfully deployed Concourse Pages on production
<$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|View build details>
channel: '#cg-platform-news'
username: ((slack-username))
icon_url: ((slack-icon-url))
# by having a different job for iptables, we should work around the issue
# where the concourse deployment seems to fail because we lose our worker
# so the iptables job never runs and dns breaks until we re-run the whole
Expand Down Expand Up @@ -239,6 +299,30 @@ jobs:
BOSH_CA_CERT: ((common_ca_cert_store))
BOSH_DEPLOYMENT: concourse-production

- name: iptables-production-pages
serial: true
interruptible: true
plan:
- task: iptables-iaas-worker-bosh-dns
config:
<<: *iptables-iaas-worker-bosh-dns
params:
BOSH_ENVIRONMENT: ((concourse-production-deployment-bosh-target))
BOSH_CLIENT: ci
BOSH_CLIENT_SECRET: ((tooling_bosh_uaa_ci_client_secret))
BOSH_CA_CERT: ((common_ca_cert_store))
BOSH_DEPLOYMENT: concourse-production-pages
- task: iptables-worker-bosh-dns
tags: [iaas]
config:
<<: *iptables-worker-bosh-dns
params:
BOSH_ENVIRONMENT: ((concourse-production-deployment-bosh-target))
BOSH_CLIENT: ci
BOSH_CLIENT_SECRET: ((tooling_bosh_uaa_ci_client_secret))
BOSH_CA_CERT: ((common_ca_cert_store))
BOSH_DEPLOYMENT: concourse-production-pages

- name: set-teams-production
plan:
- get: team-source
Expand All @@ -254,6 +338,21 @@ jobs:
concourse_username: ((basic-auth-username-production))
concourse_password: ((basic-auth-password-production))

- name: set-teams-production-pages
plan:
- get: team-source
params: {depth: 1}
trigger: true
passed: [set-teams-staging]
- put: terraform-production
params:
env_name: production
terraform_source: team-source/teams
vars:
concourse_url: https://ci-pages.fr.cloud.gov
concourse_username: ((basic-auth-username-production-pages))
concourse_password: ((basic-auth-password-production-pages))

resources:
- name: concourse-deployment
type: git
Expand Down
27 changes: 27 additions & 0 deletions operations/config-pages.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
- type: replace
path: /instance_groups/name=web/azs
value: ((azs))
- type: replace
path: /instance_groups/name=worker/azs
value: ((azs))
- type: replace
path: /instance_groups/name=iaas-worker/azs
value: ((azs))

- type: replace
path: /instance_groups/name=web/vm_extensions?
value: ((web_vm_extensions))
- type: replace
path: /instance_groups/name=worker/vm_extensions?
value: ((worker_vm_extensions))
- type: replace
path: /instance_groups/name=iaas-worker/vm_extensions?
value: ((iaas_worker_vm_extensions))

- type: replace
path: /update/update_watch_time?
value: 120000

- type: replace
path: /update/canary_watch_time?
value: 120000
18 changes: 18 additions & 0 deletions operations/postgres-production-pages.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
- type: replace
path: /instance_groups/name=web/jobs/name=web/properties/postgresql?/host?
value: ((terraform_outputs.production_concourse_pages_rds_host))

- type: replace
path: /instance_groups/name=web/jobs/name=web/properties/postgresql?/port?
value: ((terraform_outputs.production_concourse_pages_rds_port))

- type: replace
path: /instance_groups/name=web/jobs/name=web/properties/postgresql?/role?/name?
value: ((terraform_outputs.production_concourse_pages_rds_username))

- type: replace
path: /instance_groups/name=web/jobs/name=web/properties/postgresql?/role?/password?
value: ((terraform_outputs.production_concourse_pages_rds_password))

- type: remove
path: /variables/name=postgres_password
16 changes: 16 additions & 0 deletions variables/production-pages.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
deployment_name: concourse-production-pages
external_url: https://ci-pages.fr.cloud.gov
azs: [z1]
web_vm_type: m6i.large.concourse.web
worker_vm_type: m6i.xlarge.concourse.worker
iaas_worker_vm_type: m6i.xlarge.concourse.worker
web_vm_extensions: [production-concourse-pages-lb]
worker_vm_extensions: [production-concourse-profile]
iaas_worker_vm_extensions: [production-concourse-iaas-profile]
network_name: production-concourse_pages
web_instances: 2
worker_instances: 2
iaas_worker_instances: 1
build_logs_default: 25
build_logs_maximum: 0
max_active_containers_per_worker: 200
Loading